1) If you open up something, then it will lower the security at some point.
2) It might be able to stop something, but a port is still open.
3) I would say that depend at how much you need it open.
4) Maybe you should decide why you want to use Workbench instead of command line or phpMyAdmin.
No matter how you want to access the data remotely, with phpMyAdmin or something else, you still require a port open; so just looking at that part only - "it is the same".
One way to improve the security, is to only allow access from a specific IP.

You say you can use command line? How do you get access by that?
Have you considered any form of VPN connection, if possible?

You can also do that manually. Use port forwarding to create a tunnel over SSH: pick a port on your computer and "map" that to the MySQL server.
Example: with command-line ssh, mapping port 9000 to the server's own 3306 would be

Code:

ssh [options...] -i /path/to/key.pem -L 9000:localhost:3306 user@host

Or if you're connecting to a different server that isn't running MySQL but has access to the one that is (say, 10.0.0.123),